DEBIAN-CVE-2007-3377

DEBIAN-CVE-2007-3377 PUBLISHED

Header.pm in Net::DNS before 0.60, a Perl module, (1) generates predictable sequence IDs with a fixed increment and (2) can use the same starting ID for all child processes of a forking server, which allows remote attackers to spoof DNS responses, as originally reported for qpsmtp and spamassassin.

Affected Products

Vendor	Product	Versions
Debian:12	libnet-dns-perl	0, 0, 0
Debian:13	libnet-dns-perl	0, 0, 0
Debian:14	libnet-dns-perl	0, 0, 0
Debian:11	libnet-dns-perl	0, 0, 0

Timeline

Jun 25, 2007 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2007-3377 advisory

Open in Interactive Console →